Presentation overview

• Introduction
• Background
• General (VMS)
• Network
• Electronic mail
• ee anges
• Summary

Background

• What to protect
  - Operating system
  - User data
  - Programmes
  - Media

Background (cont.)

• Against whom
  - (Ex-)Employees
      grudge, financial problems, inexpertise
  - Hackers
      challenge
  - Criminals
      money, blackmail
  - Competitors
      valuable information
  - Activists
      "Robin Hood syndrome"

Background (cont.)

• Why security
  - Loss or theft of information
  - Production loss
  - Privacy
  - Negative publicity

Background (cont.)

• Breakin methods
  - Scavenging, probing
  - Through bugs
  - Via networks
  - Trojan horses
  - Password grabbers
  - Physical breakin
      theft of media/data
      theft of hardware
  - Tapping of communication lines

Background (cont.)

• How to protect (1)
  - File protection masks
      Against scavenging
  - Auditing
      Against probing
  - Use latest version of software
      Against bugs

[Cartoon caption: "Help! Help! 'S after me!"]

Background (cont.)

• How to protect (2)
  - Don't accept foreign software
      Against Trojan horses
  - Use encryption, fiber optics
      Against tapping
  - Use locked areas for backup-media and console
  - Perform regular backups
      Against physical breakin

Background (cont.)

• Breakins do happen
  - Newspaper article

Youths hacked into secret Nasa network

West German 'Hackers' Say They Found Secrets

Reuters

HAMBURG — West German [illegible] Wednesday that they had gained access to sensitive data on weapons systems in a computer network linking NASA, the U.S. space agency, with research centers in Europe and Asia.

Wau Holland, spokesman for the Chaos Computer Club of Hamburg, said at a news conference: "The whole system was open to our friends. They found such explosive [illegible] the [illegible]

"There are indications," he said, "that most of the research at NASA was aimed at new weapons systems. We also found studies about rocket accidents and [illegible] computer safety."

He said the [illegible] wanted to expose built-in mistakes in such modern computer systems but not to create havoc with the network.

"Because we are [illegible] people," he said, "we will not detail the information which seemed classified or secret [illegible]

Mr. Holland [illegible] statement by an official of the National Aeronautics and Space Administration that the hackers, as amateur computer enthusiasts are called, had not gained any secret information.

"Computer systems often have a security loophole," he said. "The designers and users are aware of that, and that's why a lot of the material isn't marked confidential or secret."

In Tokyo, an official from Japan's state-owned High Energy Physics Laboratory said on Wednesday that unidentified computer experts had invaded a Japanese space research computer linked to a NASA system.

The intrusion occurred in June

See HACK, Page 6

Some examples

• City of Detroit Bank
    System manager cashes cheques
• Control Data
    Employee sells components as 'scrap parts'
• NASA
    Computer hacked by Chaos Computer Club
• Vandenberg AFB
    Peace activist empties extinguisher in mainframe
• Volkswagen
    Speculation with exchange rates

Background (cont.)

• Some facts
  - 1 in 10 computer breakins are discovered
  - 1 in 2200 breakins lead to prosecution
  - 75% of all cases involve own employees
  - Ratio of men to women among perpetrators 5:1

[Cartoon caption: "Wadda gold mine!"]

Environment

[Figure: only the label "NETWORK" is legible]

Operating system (VMS)

• VMS overview
• Login procedure
• Privileges
• File protection
• Audit
• User responsibilities

VMS overview

• Schematic overview of the VMS environment

[Figure: legible labels "environment" and "Application"]

Login procedure

• User authorization file (UAF)
  - Every user has a profile
  - Each profile contains, among other things:
      Password
      Privileges
      Access restrictions

Login procedure (cont.)

• UAF profile example

Username: DEMO                           Owner:  Security Awarenes Seminar
Account:  SSG                            UIC:    [100,64] ([SSG,SAS])
CLI:      DCL                            Tables:
Default:  USER1:[DEMO]
LGICMD:   LOGIN
Login Flags:
Primary days:   Mon Tue Wed Thu Fri
Secondary days:                     Sat Sun
Primary   000000000011111111112222  Secondary 000000000011111111112222
Day Hours 012345678901234567890123  Day Hours 012345678901234567890123
Network:  -----  No access  ------            -----  No access  ------
Batch:    (hour pattern illegible in source)
Local:    ##### Full access ######            ##### Full access ######
Dialup:   (hour pattern illegible in source)
Remote:   -----  No access  ------            -----  No access  ------
Expiration:            (none)    Pwdminimum:  6   Login Fails:     0
Pwdlifetime:         30 00:00    Pwdchange:  22-DEC-1987 12:54
Last Login:            (none) (interactive),            (none) (non-interactive)
Maxjobs:         0  Fillm:        60  Bytlm:        36000
Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0
Maxdetach:       0  BIOlm:        50  JTquota:       1024
Prclm:           6  DIOlm:        18  WSdef:          200
Prio:            4  ASTlm:        80  WSquo:          800
Queprio:         0  TQElm:        50  WSextent:      5000
CPU:        (none)  Enqlm:       500  Pgflquo:      20000
Authorized Privileges:
  GRPNAM SETPRV TMPMBX NETMBX
Default Privileges:
  GRPNAM GROUP TMPMBX NETMBX
Identifier                         Value           Attributes
  PSI$X25_OUT                      %X80010013      NORESOURCE NODYNAMIC
  PSI$MAIL                         %X80010014      NORESOURCE NODYNAMIC

Login procedure (cont.)

• Flowchart of the login procedure

[Flowchart, garbled in the source. Legible elements, in order: decision "SYS$ANNOUNCE defined"; prompts "Username: FINCH", "Password:", "Password:"; decision "Valid entry" (NO: "LOGIN NOT AUTHORIZED"); decision "Login restrictions" (YES: "LOGIN NOT AUTHORIZED"); continued on the next slide with two "defined" decisions, one leading to "@file-spec", and an "exists" decision]

Login procedure (cont.)

• Passwords (1)
  - DO NOT use:
      First name
      Surname
      Badge number
      Date of birth
      Licence number
      Project names
      Names of pets
      Username
      The above in reverse order

[Cartoon caption: "I checked his credentials, sir. He's from VMS Login. Shall I let him in?"]

Login procedure (cont.)

• Passwords (2)
  - DO NOT:
      Write down
      Tell anybody
      Write in memos
  - DO:
      Change regularly
      Use at least 6 characters
      Use secondary password
      Use password generator
      Use your common sense
• A chain is as strong etc. etc.

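
Added example (not part of the seminar slides): a Python check that applies the two password slides to a candidate password, covering the minimum length and every "DO NOT use" item, including reversed and embedded forms. The profile fields, the date spellings and the substring matching are assumptions of this example; only the username FINCH comes from the seminar.

```python
import re
from datetime import date

MIN_LENGTH = 6  # "Use at least 6 characters" on the slide

def _norm(text):
    """Lower-case and keep only letters and digits, so 'Mc-Finch' == 'mcfinch'."""
    return re.sub(r"[^a-z0-9]", "", str(text).lower())

def forbidden_tokens(profile):
    """Every personal item the slide rules out, plus each item reversed."""
    items = [profile.get(key, "") for key in
             ("first_name", "surname", "badge_number", "licence_number", "username")]
    items += list(profile.get("projects", [])) + list(profile.get("pets", []))
    born = profile.get("date_of_birth")
    if isinstance(born, date):  # the same date in the usual numeric spellings
        items += [born.strftime(fmt)
                  for fmt in ("%d%m%y", "%d%m%Y", "%m%d%y", "%Y%m%d", "%y%m%d")]
    tokens = {_norm(item) for item in items} - {""}
    return tokens | {token[::-1] for token in tokens}

def violations(password, profile):
    """Return the slide rules that a candidate password breaks (empty list = ok)."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append(f"shorter than {MIN_LENGTH} characters")
    candidate = _norm(password)
    for token in sorted(forbidden_tokens(profile)):
        # Assumption: items under 3 characters are skipped to avoid noise.
        if len(token) >= 3 and token in candidate:
            found.append(f"built from a personal item: {token}")
    return found

# Constructed sample profile; only the username FINCH appears in the seminar.
SAMPLE = {
    "first_name": "Anna", "surname": "Finch", "username": "FINCH",
    "badge_number": "104233", "date_of_birth": date(1961, 3, 7),
    "projects": ["Bluebird"], "pets": ["Rex"],
}

if __name__ == "__main__":
    for candidate in ("hcnif", "070361x", "Rex-Bluebird", "Tq7#vmLp2"):
        print(candidate, "->", violations(candidate, SAMPLE) or "ok")
```
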
Login types

• Interactive
  - Local
      via direct lines
  - Dialup
      via dialup lines
  - Remote
      via network
• Non-interactive
  - Network
      Task to task, e.g. COPY
  - Batch
      Execute commands detached from terminal



Company Confidential    Digital Holland - June 23, 1988


Security Awareness Seminar 


Privileges

CMKRNL     may change mode to kernel
CMEXEC     may change mode to exec
SYSNAM     may insert in system logical name table
GRPNAM     may insert in group logical name table
ALLSPOOL   may allocate spooled device
DETACH     may create detached processes
DIAGNOSE   may diagnose devices
LOG_IO     may do logical i/o
GROUP      may affect other processes in same group
ACNT       may suppress accounting message
PRMCEB     may create permanent common event clusters
PRMMBX     may create permanent mailbox
PSWAPM     may change process swap mode
ALTPRI     may set any priority value
SETPRV     may set any privilege bit
TMPMBX     may create temporary mailbox
WORLD      may affect other processes in the world
MOUNT      may execute mount acp function
OPER       operator privilege
EXQUOTA    may exceed quota
NETMBX     may create network device
VOLPRO     may override volume protection
PHY_IO     may do physical i/o
BUGCHK     may make bug check log entries
PRMGBL     may create permanent global sections
SYSGBL     may create system wide global sections
PFNMAP     may map to specific physical pages
SHMEM      may create/delete objects in shared memory
SYSPRV     may access objects via system protection
BYPASS     bypasses UIC checking
SYSLCK     may lock system wide resources
SHARE      may assign channels to non-shared device
GRPPRV     group access via system protection
READALL    may read anything as the owner
SECURITY   may perform security functions




File protection

• Protection masks
  - MYFILE.DAT
    (S:RWED,O:RWED,G:RWED,W:RWED)
      Indistinct
• Identifiers/Access control list
  - MYFILE.DAT
    (IDENTIFIER = MYIDENT,ACCESS = READ + WRITE)
      Flexible, keys and locks principle

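
Added example (not part of the seminar slides): a simplified Python model of how the protection mask and the identifier ACE shown above combine into an access decision, with the held identifier acting as the key. It goes beyond the slide by evaluating access; the system-group limit, the tightened mask and the second UIC are assumptions of this example, and privileges such as BYPASS or READALL are ignored.

```python
MAX_SYS_GROUP = 8  # assumption: UIC groups up to this number count as "system"

def parse_mask(text):
    """'(S:RWED,O:RWED,G:RE,W)' -> {'S': {'R','W','E','D'}, ..., 'W': set()}"""
    mask = {category: set() for category in "SOGW"}
    for field in text.strip().strip("()").split(","):
        category, _, rights = field.strip().partition(":")
        mask[category.strip()[0].upper()] = set(rights.strip().upper())
    return mask

def parse_ace(text):
    """'(IDENTIFIER = MYIDENT,ACCESS = READ + WRITE)' -> ('MYIDENT', {'R','W'})"""
    fields = {}
    for part in text.strip().strip("()").split(","):
        key, _, value = part.partition("=")
        fields[key.strip().upper()] = value.strip().upper()
    words = [word.strip() for word in fields["ACCESS"].split("+")]
    return fields["IDENTIFIER"], {word[0] for word in words if word != "NONE"}

def categories(user_uic, owner_uic):
    """Mask categories that apply to a user; UICs are (group, member) pairs."""
    found = {"W"}
    if user_uic[0] == owner_uic[0]:
        found.add("G")
    if user_uic == owner_uic:
        found.add("O")
    if user_uic[0] <= MAX_SYS_GROUP:
        found.add("S")
    return found

def allowed(right, user_uic, held, owner_uic, mask, acl=()):
    """Decide one access type ('R', 'W', 'E' or 'D') for one user."""
    applies = categories(user_uic, owner_uic)
    for identifier, rights in acl:
        if identifier in held:  # first matching ACE decides
            if right in rights:
                return True
            applies &= {"S", "O"}  # denied by ACL: only system/owner fields remain
            break
    return any(right in mask[category] for category in applies)

OWNER = (0o100, 0o64)  # UIC [100,64] from the UAF profile example
OPEN_MASK = parse_mask("(S:RWED,O:RWED,G:RWED,W:RWED)")  # the slide's mask
TIGHT_MASK = parse_mask("(S:RWED,O:RWED,G,W)")  # constructed: group and world closed
ACL = [parse_ace("(IDENTIFIER = MYIDENT,ACCESS = READ + WRITE)")]
OUTSIDER = (0o200, 0o1)  # constructed UIC in another group
```

With the slide's mask any user may delete MYFILE.DAT; with the tightened mask plus the ACE, only holders of MYIDENT get read and write access, and nobody outside the system and owner categories can delete.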
VAX/VMS Audit

• Utility for monitoring of:
  - File access
  - Breakin attempts
  - UAF modifications
  - Logins
• Takes evasive action
  - in case of breakin attempt
• Reports through OPCOM
• Integrated in VMS

[Cartoon caption: "Shudda knowd dem smart VMS guys wudda used alarms!"]

User responsibilities

• Be alert to breakin attempts
  - Report/inform in case of doubt
• Change your password regularly
• Lock your terminal when unattended
• Log out when finished working
  - password grabbers
• Conform to Digital (security-) policies
• Don't let others use your account
• Don't accept/install foreign programmes
  - "There is no such thing as a free lunch"
• Be aware of what you say to whom





Network environment 
Network overview

• EASYnet overview
• Public networks
• Gateways
• Applications
• Security aspects

EASYnet overview

• Digital's internal network
• + 28,000 nodes (systems)
• Growth + 1000 nodes per month
• Current maximum 63 x 1023 = 64449 nodes
• Future: an almost infinite number of nodes
• Via fiber, copper and satellite





Public networks

• Datanet 1
• Managed by third party
• High availability
• Similar to telephone network
• Has public access
• Potentany erasers
• Flexible and functional
• BIG future

Public networks

[Figures: "The Parts of a PSDN" and "DIGITAL and Non-DIGITAL Machines Communicating Across the Network". Legible labels: PSDN, COMPUTER, BOSTON, NETWORK INTERFACE, VERY HIGH SPEED LINK, LEASED LINE, DIAL-UP LINE, NON-DIGITAL COMPUTER, MicroVAX]

[Figures: "VAX PSI Access" and "VAX PSI Security Controls". Legible label: Multi-host]

Gateways

• Interconnection of networks
• Interconnection of programmes
• Interconnection of databases

Network applications

• Electronic Mail
• Bulletin Boards
• File distribution
• Terminal servers

Network security

• General problems
  - Difficult to locate user
  - Information can be tapped
• Public networks
  - Have public access
  - Require a high level of security

Electronic mail environment

[Figure: only the label "NETWORK" is legible]

Electronic mail

• Legal aspects
  - Be aware of what you write
  - Be aware of whom you send it to
• External
  - MRX (Message router gateway)
  - Telex via telex operator
  - Telex via gateway
• Internal
  - MTS (Message Transport System)
      Message Router
      VMSmail
      ALL-IN-1

External environment

[Figure: only the label "NETWORK" is legible]

External connections

• Physical security
  - Guards, locked areas
• Dialin protection
  - Automatic dialback
• Media
  - Reliable backups, safe storage
• Contingency
  - Backup systems for calamities

Security summary

• Security decreases performance
• Requires manpower
• [illegible] money
• Requires discipline
• Security is inversely proportional to productivity
• Level of security is system dependent

Security summary (cont.)

[Graph: both axes run to 100%; one axis is labelled SECURITY, the other label is illegible]

• Security v/s Productivity

Security summary (cont.)

[Figure: only the label "Medium" is legible]

• Security is dependent on system application

Security summary (cont.)

• Information concerning security issues:
• Recommended documentation
  - Guide to VAX/VMS Security
• Recommended training
  - VMS Security Seminar




